1. The Field of the Invention
The invention generally relates to the field of communications between endpoints. More specifically, the invention relates to identifying addresses to endpoints for entities and to providing security information for secure communications to the endpoints.
2. Description of the Related Art
Modern computer networking has become so ubiquitous so as to be present in nearly all types of communications. As examples, computer networks are used to transmit email data. Computer networks are used to access vast repositories of static and dynamic data such as that which can be accessed through the Internet or other wide area networks and local area networks. Additionally, computer networks are the primary medium used to transmit voice and fax data between switching points in modem telephone applications.
Data on networks travels from one endpoint to another endpoint. The data may travel through other points during transmission to endpoints. Endpoints are typically addressable, meaning that a specific address, such as an Internet Protocol (IP), Media Access Control (MAC) address, uniform resource identifier (URI) may be used to identify the endpoint. Exemplary endpoints include processors, servers, web services, email addresses, resources and the like.
With the vast amounts of useful data being transmitted on networks, malicious and/or unethical individuals have expended countless resources in devising ways to compromise networks. These individuals can extract data from a compromised network for fraudulent or malicious use. For example, an e-commerce transaction that includes passing credit card information between endpoints may be compromised allowing an individual to fraudulently use the credit card information in obtaining goods or services.
Individuals use a number of methods to compromise a network. For example, an individual may “tap” a network line to “listen” to communications on the network. Alternatively, an individual may use “spoofing” techniques. Spoofing involves sending information from a resource, such as a computer, cpu, web server, etc. that appears to be a resource other than the resource sending the information. For example, a fraudulent web server may send information identifying itself by an internet protocol (IP) address that is trusted by an individual accessing the web server, when in fact the web server is a web server with an IP address different than the IP address being asserted.
Various techniques have been used to combat network compromising activities. To name a few, encryption is used to scramble data so as to make it non-understandable to an individual who has tapped the network. To prevent spoofing, various authentication techniques have been implemented requiring presentation of identification information. Thus a resource provides a token, such as a password, to verify its identity to other resources on the network.
Some security systems use a pre-session boot-strap. A pre-session bootstrap involves an exchange of information between endpoints to authenticate the endpoints prior to sending and receiving the data that is the subject of the session. Prior to sending the authentication information, a user trying to access an endpoint cannot verify that the endpoint being communicated with is a trusted endpoint, or the desired endpoint. Thus, the pre-session boot strap exchange is essentially an un-trusted exchange where spoofed data may be transmitted and received. It would therefore be new and useful to have a system that eliminates the need for pre-session bootstrap security exchanges or that makes the pre-session boot strap exchanges more secure.
Another challenge with existing systems is that references storing addresses typically include a single address where information can be routed. For example a reference may include an email address for an individual. However, if the email address is a work email address, it is likely that the individual may not receive some messages sent to that address in a timely manner, such as when the individual is away from work. Additionally, an individual may have several addresses where they can be contacted. Current systems require a user desiring to send messages to the individual to select the appropriate address for the user. It would therefore be new and useful to have a system that allows for an individual to address a message to a particular identity and to have that message reach the most appropriate endpoint for the particular identity.